SUSE CVE-2023-3674

A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted...

The vulnerability of the TPM device driver for Windows operating systems allows a hacker to increase their privileges.

The vulnerability of the TPM device driver for Windows operating systems is related to the default access rights settings. Exploiting this vulnerability can allow attackers to increase their privileges...

Security Bulletin: This Power System update is being released to address CVE-2023-1017 and CVE-2023-1018

Summary TCG Trusted Platform Module code is used by PowerVM to support virtual TPM. This bulletin provides a remediation for the impacted vulnerabilities, CVE-2023-1017 and CVE-2023-1018, by upgrading PowerVM and thus addressing the exposure to the TCG TPM vulnerability. Vulnerability Details...

EulerOS Virtualization 2.11.0 : tpm2-tss (EulerOS-SA-2023-2114)

According to the versions of the tpm2-tss package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - tpm2-tss is an open source software implementation of the Trusted Computing Group TCG Trusted Platform Module TPM 2 Software Sta...

OESA-2023-1299 libtpms security update

A library providing TPM functionality for VMs. Targeted for integration into Qemu. Security Fixes: An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfull...

tpm2: TCG TPM2.0 implementations vulnerable to memory corruption

An out-of-bound read vulnerability was found in the TPM 2.0's Module Library, which allows the reading of 2-byte data after the end of the TPM command. This flaw allows an attacker to leak confidential data stored within the libtpms context...

tpm: TCG TPM2.0 implementations vulnerable to memory corruption

An out-of-bounds write vulnerability was found in the TPM 2.0's Module Library, which allows the writing of 2-byte data after the end of the TPM command. This flaw may lead to a denial of service or arbitrary code execution within the libtpms scope...

Huawei EulerOS: Security Advisory for tpm2-tss (EulerOS-SA-2023-1773)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

tpm2: TCG TPM2.0 implementations vulnerable to memory corruption

An out-of-bound read vulnerability was found in the TPM 2.0's Module Library, which allows the reading of 2-byte data after the end of the TPM command. This flaw allows an attacker to leak confidential data stored within the libtpms context...

tpm: TCG TPM2.0 implementations vulnerable to memory corruption

An out-of-bounds write vulnerability was found in the TPM 2.0's Module Library, which allows the writing of 2-byte data after the end of the TPM command. This flaw may lead to a denial of service or arbitrary code execution within the libtpms scope...

The vulnerability of the CryptParameterDecryption function in the microprogramming software of the Trusted Platform Module (TPM) allows a perpetrator to trigger a service failure or execute arbitrary code.

The vulnerability of the CryptParameterDecryption function in the microprogramming system of the Trusted Platform Module TPM processor lies in the writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a service failure or execute arbitrary co...

Actors, Threats and Vulnerabilities 6 March to 12 March 2023

For a detailed threat digest, download the pdf file here Summary For a detailed threat digest, download the pdf file here Last week, HiveForce Labs discovered three threat actors. One of them is a Russian group called TA499, which has a history of conducting different cyberattacks such as...

SUSE CVE-2023-1018

An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM...

The vulnerability of the CryptParameterDecryption function in the microprogramming software of the Trusted Platform Module (TPM) allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the CryptParameterDecryption function in the microprogramming system of the Trusted Platform Module TPM processor lies in the reading of data outside the buffer in memory. Exploiting this vulnerability can allow an intruder to gain unauthorized access to the protected...

K000132856: TPM 2.0 vulnerabilities CVE-2023-1017 and CVE-2023-1018

Security Advisory Description Two buffer overflow vulnerabilities were discovered in the Trusted Platform Module TPM 2.0 reference library specification, currently at Level 00, Revision 01.59 November 2019. An attacker who has access to a TPM-command interface can send maliciously-crafted command...

New Flaws in TPM 2.0 Library Pose Threat to Billions of IoT and Enterprise Devices

A pair of serious security defects has been disclosed in the Trusted Platform Module TPM 2.0 reference library specification that could potentially lead to information disclosure or privilege escalation. One of the vulnerabilities, CVE-2023-1017, concerns an out-of-bounds write, while the other,...

DEBIAN-CVE-2023-1018

An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM...

UBUNTU-CVE-2023-1017

An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service crashing the TPM chip/process ...

TCG TPM 缓冲区错误漏洞

TCG TPM is a chip from the Trusted Computing Group that is planted inside a computer to provide a trusted root for the computer. A buffer error vulnerability exists in version 2.0 of the TCG TPM that stems from an out-of-bounds read issue. An attacker could use this vulnerability to read or acces...

PT-2023-1651 · Tpm2.0 +8 · Tpm2.0 +8

Name of the Vulnerable Software and Affected Versions: TPM2.0 affected versions not specified Description: An out-of-bounds write vulnerability exists in TPM2.0's Module Library, allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. This can lea...